icedid | f157864d7032fdc5231b3a34a1c27b53b1a887f4a5883f330b7ba43080035aa8 | Triage

Analysis

max time kernel
151s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20220331-en
submitted
14-04-2022 14:27

Sharing

Report Analysis Logs

General

Target

f157864d7032fdc5231b3a34a1c27b53b1a887f4a5883f330b7ba43080035aa8.exe
Size

257KB
MD5

8d5bc2eb1aef4784d26c56c5ef28f150
SHA1

c8eaaaaad9cd300d9fa0ca6660ce8da7785a0ce1
SHA256

f157864d7032fdc5231b3a34a1c27b53b1a887f4a5883f330b7ba43080035aa8
SHA512

482f82879761a304bc2f274f07a401e9b3a27f08f3d18b20b9429935f3531050c90a653fe3f5848068375adce005ccd9e8500f641195c5961416cb5a714780ad

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family

icedid

C2

besitxavier.best

nazifestivo.best

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID Second Stage Loader 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4816-124-0x0000000000400000-0x0000000000406000-memory.dmp	IcedidSecondLoader
behavioral2/memory/4816-125-0x0000000000400000-0x0000000000ADF000-memory.dmp	IcedidSecondLoader

C:\Users\Admin\AppData\Local\Temp\f157864d7032fdc5231b3a34a1c27b53b1a887f4a5883f330b7ba43080035aa8.exe
"C:\Users\Admin\AppData\Local\Temp\f157864d7032fdc5231b3a34a1c27b53b1a887f4a5883f330b7ba43080035aa8.exe"
1⤵
PID:4816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4816-124-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4816-125-0x0000000000400000-0x0000000000ADF000-memory.dmp

Filesize
6.9MB

Download